Android security is once again in the news for all the wrong reasons after the latest round of vulnerabilities have made international press. The background problem is that Android is supported on multiple platforms via a wide range of manufacturers from Samsung to HTC, and all those in-between. The comparison to Microsoft’s Windows is that updates are pushed from Microsoft, with the odd vendor-specific update thrown in for good measure.
Microsoft vulnerabilities tend to be accepted, as they usually get patched within a sensible timeframe. However smartphone vulnerabilities tend to be big news. The first vulnerability to be categorised as a major problem was “Stagefright”, which was quickly labelled “Worse than Heartbleed”. This is regardless of the fact that they relate to two different types of flaw on two separate platforms. Stagefright related to a smartphone or tablet to be automatically infected with malicious code via a specially crafted MMS message.
Whereas the latest vulnerability, “Certifi-Gate”, allows applications to gain illegitimate privileged access rights, which are typically used by remote support applications that are either pre-installed or personally installed on Android devices.
Recently this has forced the hand of the vendors with Google to be quicker at pushing out security updates by pledging to issue updates on a monthly basis, which is no small task. HTC on the other hand, have been releasing some patches have refused to commit to monthly updates like their counterparts.
Whilst answering questions via Twitter, HTC’s America President Jason Mackenzie stated that, despite the company’s efforts to push them out, it is unrealistic to say that these types of security updates can be guaranteed every month. This is not an unreasonable statement; once you take into account the number of handsets that would require an update and the added delay from carrier testing and approval, getting those out the door and onto your phone is a tall order. But the news can’t be reassuring to those concerned about device security. Interestingly enough, the tweet has deleted so we’re now unsure whether this means HTC are reconsidering their position or only preparing a more customer friendly statement.
Where does this leave HTC users? At this stage, it’s unknown. Google anticipate releasing another security update this October, but we literally have no idea when the OEM’s will release their fixes.
source: android authority